Ransomware - Prestige

Prestige
Decryptor Available
No
Description

Prestige is another crypto-ransomware and pseudo-ransomware (wiper) that emerged from the Ukraine-Russia conflict that began in February 2022. Based on the sample we analyzed, Prestige performs all of the typical crypto-ransomware behavior, such as deleting shadow copies and encrypting files using a hybrid encryption scheme of AES-256 coupled with RSA-2048. After encryption, the files are renamed to include a '.enc' file extension, and a ransom note is dropped in the machine's Public user folder. It's also determined to be a wiper because there is no intent on receiving a ransom, and that's based on assumptions of the threat actor and the context - Sandworm team (Seashell Blizzard) and an attack during a conflict, respectively. Their intent is to cause destruction and disruption, with no intent on communicating with victims and receiving a ransom.

Ransomware Type
Crypto-Ransomware
Wiper
Country of Origin
Russia
First Seen
Last Seen
Threat Actors
Type
Actor
APT
Sandworm
Extortion Types
Direct Extortion
Pseudo-Extortion
Communication
Moyen
Identifiant
Encryption
Type
Hybrid
Files
AES-256
Key
RSA-2048
File Extension
<file name>.enc
Ransom Note Name
README
Ransom Note Image
Samples (SHA-256)
5dd1ca0d471dee41eb3ea0b6ea117810f228354fc3b7b47400a812573d40d91d
5fc44c7342b84f50f24758e39c8848b2f0991e8817ef5465844f5f2ff6085a57
6cff0bbd62efe99f381e5cc0c4182b0fb7a9a34e4be9ce68ee6b0d0ea3eee39c